package com.demo.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

	private AnyUserDetailsService anyUserDetailsService;

	@Autowired
	public void setAnyUserDetailsService(AnyUserDetailsService anyUserDetailsService) {
		this.anyUserDetailsService = anyUserDetailsService;
	}

	/**
	 * 匹配 "/" 路径，不需要权限即可访问 匹配 "/user" 及其以下所有路径，都需要 "USER" 权限 登录地址为
	 * "/login"，登录成功默认跳转到页面 "/user" 退出登录的地址为 "/logout"，退出成功后跳转到页面 "/login" 默认启用 CSRF
	 */
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.authorizeRequests().antMatchers("/").permitAll().antMatchers("/user/**").hasRole("USER")
				.antMatchers("/admin/**").hasRole("ADMIN").and().formLogin().loginPage("/login")
				.defaultSuccessUrl("/").and().logout().logoutUrl("/logout").logoutSuccessUrl("/login");
	}

	/**
	 * 添加 UserDetailsService， 实现自定义登录校验
	 */
	@Override
	protected void configure(AuthenticationManagerBuilder builder) throws Exception {
		// 密码加密 passwordEncoder(passwordEncoder()
		builder.userDetailsService(anyUserDetailsService).passwordEncoder(passwordEncoder());
	}

	/**
	 * 密码加密
	 */
	@Bean
	public BCryptPasswordEncoder passwordEncoder() {
		return new BCryptPasswordEncoder();
	}
}
